CVE-2022-38533: In GNU Binutils before 2.4.0, there is a heap-buffer-overflow in the error function bfd_getl32 when called from the strip_main function in strip-new via a crafted file. It obviously means 2.40.
CVE-2022-38128 (https://sourceware.org/bugzilla/show_bug.cgi?id=29370): An infinite loop may be triggered in display_debug_abbrev() function in binutils/dwarf.c while opening a crafted ELF, which may lead to denial of service by a local attacker.
Fixed for 2.40, backport nontrivial
All affected versions masked. No cleanup (toolchain).
The patch for CVE-2022-38128: ~/git/binutils-gdb $ git tag --contains 695c6dfe binutils-2_40 binutils-2_41 binutils-2_41-release gdb-13-branchpoint gdb-13.1-release gdb-13.2-release
GLSA request filed.
The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/data/glsa.git/commit/?id=14d1caba8122b70c39357e14ad41c672cd2cd81d commit 14d1caba8122b70c39357e14ad41c672cd2cd81d Author: GLSAMaker <glsamaker@gentoo.org> AuthorDate: 2023-09-30 07:43:08 +0000 Commit: Hans de Graaff <graaff@gentoo.org> CommitDate: 2023-09-30 07:44:23 +0000 [ GLSA 202309-15 ] GNU Binutils: Multiple Vulnerabilities Bug: https://bugs.gentoo.org/866713 Bug: https://bugs.gentoo.org/867937 Bug: https://bugs.gentoo.org/903893 Signed-off-by: GLSAMaker <glsamaker@gentoo.org> Signed-off-by: Hans de Graaff <graaff@gentoo.org> glsa-202309-15.xml | 50 ++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 50 insertions(+)
CVE-2023-25584 (https://bugzilla.redhat.com/show_bug.cgi?id=2167467): An out-of-bounds read flaw was found in the parse_module function in bfd/vms-alpha.c in Binutils. CVE-2023-25588 (https://sourceware.org/bugzilla/show_bug.cgi?id=29677): A flaw was found in Binutils. The field `the_bfd` of `asymbol`struct is uninitialized in the `bfd_mach_o_get_synthetic_symtab` function, which may lead to an application crash and local denial of service. CVE-2023-25586 (https://sourceware.org/bugzilla/show_bug.cgi?id=29855): A flaw was found in Binutils. A logic fail in the bfd_init_section_decompress_status function may lead to the use of an uninitialized variable that can cause a crash and local denial of service. CVE-2023-25585 (https://sourceware.org/bugzilla/show_bug.cgi?id=29892): A flaw was found in Binutils. The use of an uninitialized field in the struct module *module may lead to application crash and local denial of service. CVE-2022-48065 (https://sourceware.org/bugzilla/show_bug.cgi?id=29925): GNU Binutils before 2.40 was discovered to contain a memory leak vulnerability var the function find_abstract_instance in dwarf2.c. CVE-2022-44840 (https://sourceware.org/bugzilla/show_bug.cgi?id=29732): Heap buffer overflow vulnerability in binutils readelf before 2.40 via function find_section_in_set in file readelf.c. CVE-2022-45703 (https://sourceware.org/bugzilla/show_bug.cgi?id=29799): Heap buffer overflow vulnerability in binutils readelf before 2.40 via function display_debug_section in file readelf.c. CVE-2022-47673 (https://sourceware.org/bugzilla/show_bug.cgi?id=29876): An issue was discovered in Binutils addr2line before 2.39.3, function parse_module contains multiple out of bound reads which may cause a denial of service or other unspecified impacts. CVE-2022-47695 (https://sourceware.org/bugzilla/show_bug.cgi?id=29846): An issue was discovered Binutils objdump before 2.39.3 allows attackers to cause a denial of service or other unspecified impacts via function bfd_mach_o_get_synthetic_symtab in match-o.c. CVE-2022-47696 (https://sourceware.org/bugzilla/show_bug.cgi?id=29677): An issue was discovered Binutils objdump before 2.39.3 allows attackers to cause a denial of service or other unspecified impacts via function compare_symbols. CVE-2022-48063 (https://sourceware.org/bugzilla/show_bug.cgi?id=29924): GNU Binutils before 2.40 was discovered to contain an excessive memory consumption vulnerability via the function load_separate_debug_files at dwarf2.c. The attacker could supply a crafted ELF file and cause a DNS attack. CVE-2022-48064 (https://sourceware.org/bugzilla/show_bug.cgi?id=29922): GNU Binutils before 2.40 was discovered to contain an excessive memory consumption vulnerability via the function bfd_dwarf2_find_nearest_line_with_alt at dwarf2.c. The attacker could supply a crafted ELF file and cause a DNS attack. All fixed in 2.40.
